| Skip Navigation Links | |
| Exit Print View | |
 | man pages section 3: Library Interfaces and Headers Oracle Solaris 11 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
| man pages section 3: Library Interfaces and Headers Oracle Solaris 11 Information Library |
Library Interfaces and Headers
SMHBA_GetAdapterAttributes(3LIB)
SMHBA_GetAdapterPortAttributes(3LIB)
SMHBA_GetBindingCapability(3LIB)
SMHBA_GetDiscoveredPortAttributes(3LIB)
SMHBA_GetFCPhyAttributes(3LIB)
SMHBA_GetPersistentBinding(3LIB)
SMHBA_GetPortAttributesByWWN(3LIB)
SMHBA_GetProtocolStatistics(3LIB)
SMHBA_GetSASPhyAttributes(3LIB)
SMHBA_GetVendorLibraryAttributes(3LIB)
SMHBA_GetWrapperLibraryAttributes(3LIB)
SMHBA_RegisterForAdapterAddEvents(3LIB)
SMHBA_RegisterForAdapterEvents(3LIB)
SMHBA_RegisterForAdapterPhyStatEvents(3LIB)
SMHBA_RegisterForAdapterPortEvents(3LIB)
SMHBA_RegisterForAdapterPortStatEvents(3LIB)
SMHBA_RegisterForTargetEvents(3LIB)
SMHBA_RemoveAllPersistentBindings(3LIB)
SMHBA_RemovePersistentBinding(3LIB)
- PKCS#11 Cryptographic Framework library
cc [flag... ]file...-lpkcs11 [library... ]#include <security/cryptoki.h>#include <security/pkcs11.h>
Thelibpkcs11 library implements the RSA Security Inc. PKCS#11 Cryptographic Token Interface(Cryptoki), v2.20 specification by using plug-ins to provide the slots.
Each plug-in, which also implements RSA PKCS#11 v2.20, represents one or moreslots.
Thelibpkcs11 library provides a special slot called the meta slot. Themeta slot provides a virtual union of capabilities of all other slots.When available, the meta slot is always the first slot provided bylibpkcs11. The order of the rest of the slots is not guaranteed andmay vary with every load of this library.
The meta slot feature can be configured either system-wide or by individualusers. System-wide configuration for meta slot features is done with thecryptoadm(1M)utility. User configuration for meta slot features is performed with environment variables.
By default, the following is the system-wide configuration for meta slot. Metaslot is enabled. Meta slot provides token-based object support with the SoftwareRSA PKCS#11 softtoken (pkcs11_softtoken(5)). Meta slot is allowed to move sensitive tokenobjects to other slots if that is necessary to perform an operation.
Users can overwrite one or more system-wide configuration options for meta slotusing these environment variables.
The${METASLOT_OBJECTSTORE_SLOT} and${METASLOT_OBJECTSTORE_TOKEN} environment variables are used to specify an alternatetoken object store. A user can specify either slot-description in${METASLOT_OBJECTSTORE_SLOT} ortoken-label in${METASLOT_OBJECTSTORE_TOKEN}, or both. Valid values for slot-description and token-label areavailable from output of the command:
cryptoadm list -v
The${METASLOT_ENABLED} environment variable is used to specify whether the user wantsto turn the metaslot feature on or off. Only two values arerecognized. The value “true” means meta slot will be on. The value“false” means meta slot will be off.
The${METASLOT_AUTO_KEY_MIGRATE} environment variable is used to specify whether the user wantssensitive token objects to move to other slots for cryptographic operations. Onlytwo values are recognized. The value “true” means meta slot will migratesensitive token objects to other slots if necessary. The value “false” means metaslot will not migrate sensitive token objects to other slots even ifit is necessary.
When the meta slot feature is enabled, the slot that provides token-basedobject support is not shown as one of the available slots. Allof its functionality can be used with the meta slot.
This library filters the list of mechanisms available from plug-ins based onthe policy set bycryptoadm(1M).
This library provides entry points for all PKCS#11 v2.20 functions. See theRSA PKCS#11 v2.20 specification athttp://www.rsasecurity.com.
Plug-ins are added tolibpkcs11 by thepkcs11conf class action script duringexecution ofpkgadd(1M). The available mechanisms are administered by thecryptoadm(1M) utility.
Plug-ins must have all of their library dependancies specified, includinglibc(3LIB). Librariesthat have unresolved symbols, including those fromlibc, will be rejected anda message will be sent tosyslog(3C) for such plug-ins.
Due to U.S. Export regulations, all plug-ins are required to be cryptographicallysigned using theelfsign utility.
Any plug-in that is not signed or is not a compatible versionof PKCS#11 will be dropped bylibpkcs11. When a plug-in is dropped,the administrator is alerted by thesyslog(3C) utility.
The<security/pkcs11f.h> header contains function definitions. The<security/pkcs11t.h> header contains type definitions.Applications can include either of these headers in place of<security/pkcs11.h>, whichcontains both function and type definitions.
The shared objectlibpkcs11.so.1 provides the public interfaces defined below. SeeIntro(3)for additional information on shared object interfaces.
|
|
shared object
64–bit shared object
Seeattributes(5) for descriptions of the following attributes:
|
The SUNW Extension functions are MT-Safe. The PKCS#11 Standard functions are MT-Safewith exceptions. See Section 6.6.2 of RSA PKCS#11 v2.20.
The PKCS#11 Standard functions conform to PKCS#11 v2.20.
cryptoadm(1M),pkgadd(1M),Intro(3),SUNW_C_GetMechSession(3EXT),syslog(3C),attributes(5) ,pkcs11_kernel(5),pkcs11_softtoken(5)
RSA PKCS#11 v2.20http://www.rsasecurity.com
If an application callsC_WaitForSlotEvent() without theCKF_DONT_BLOCK flag set,libpkcs11 mustcreate threads internally. If, however,CKF_LIBRARY_CANT_CREATE_OS_THREADS is set,C_WaitForSlotEvent() returnsCKR_FUNCTION_FAILED.
The PKCS#11 library does not work with Netscape 4.x but does workwith more recent versions of Netscape and Mozilla.
BecauseC_Initalize() might have been called by both an application and alibrary, it is not safe for a library or its plugins tocallC_Finalize(). A library can be finished calling functions fromlibpkcs11, whilean application might not.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.Legal Notices |   |